Conditions of secure work

Acra can perform its protective functions properly and protect against security threats 1, 2, and 3 if the following security assumptions are met:
- The PKI infrastructure is trusted;
- AcraServer is trusted;
- The client is less trusted than the server.

Possible consequences of compromise

Let’s consider the possible consequences of each separate component being broken (broken as in “fully compromised”: the adversary fully takes over the work of the component and gains full access to its memory).

When the Database is broken into, the worst-case scenario is denial of service (DoS) or a ciphertext-only attack (COA). In this case, the security of the system reduces to the strength of the symmetric encryption algorithm (AES-GCM-256).
When the Client gets broken, the worst-case scenario is that the adversary can get the data belonging to this client, which is stored in the database.
And finally, if AcraServer gets broken, the adversary can fully compromise the system.

It is worth mentioning that in the absence of PKI, the communication channel between the Client and AcraServer is also vulnerable. In this case, the resistance of the system comes down to the security of the SSL/TLS or Themis’ Secure Session protocols. In all the other communication channels the data is encrypted, so in the worst case (when SSL/TLS is not used) the security of the system comes down to the security of the symmetric encryption algorithm (AES-GCM-256).